Claim transformations for trust relationships

US 20070255958A1
Filed: 05/01/2006
Published: 11/01/2007
Est. Priority Date: 05/01/2006
Status: Abandoned Application

First Claim

Patent Images

1. A claim transformation system for transforming a claim from one format to a different format, the system comprising:

a first claim transformation submodule;

a second claim transformation submodule; and

wherein the first and second claim transformation submodules have the ability to transform a claim from one format to a plurality of different formats.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure relates to the ability to use multiple claim transformation modules in a trust relationship. Claim transformation modules transform a claim or claim set into a transformed claim or claim set for use by a trusted partner and/or application. Multiple claim transformation modules may be given the opportunity to act on a claim or claim set in a pipelined fashion. In another embodiment, multiple claim transformation modules may exist, but only the proper claim transformation module(s) is(are) given the opportunity to act on a claim or claim set. In an embodiment, the claims involved are security claims used for authentication purposes between trust partners in a federated authentication system.

Citations

20 Claims

1. A claim transformation system for transforming a claim from one format to a different format, the system comprising:
- a first claim transformation submodule;
  
  a second claim transformation submodule; and
  
  wherein the first and second claim transformation submodules have the ability to transform a claim from one format to a plurality of different formats.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The claim transformation system defined in claim 1, wherein the first and second claim transformation submodules are arranged in a pipelined fashion.
  - 3. The claim transformation system defined in claim 2, wherein the first and second claim transformation submodules are arranged to transform the claim until no change to the claim is detected.
  - 4. The claim transformation system defined in claim 3, wherein the system further comprises a claim transformation submodule to verify whether any changes made by the other submodules are unallowable.
  - 5. The claim transformation system defined in claim 2, wherein:
    - the first claim transformation submodule transforms the claim in its original format to produce a first resultant claim;
      
      the second claim transformation submodule processes the claim in its original format to produce a second resultant claim; and
      
      an aggregation module aggregates the first and second resultant claims to produce a final claim.
  - 6. The claim transformation system defined in claim 1, wherein:
    - the system directs the claim to the first claim transformation submodule if that submodule is determined to be proper for that processing; and
      
      the system directs the claim to the second claim transformation submodule if that submodule is determined to be proper for that processing.
  - 7. The claim transformation system defined in claim 6, wherein the first and second claim transformation submodules transform the claim until no change is detected.
  - 8. The claim transformation system defined in claim 7, wherein the system further comprises a claim transformation submodule to verify whether any changes made by the other submodules are unallowable.
  - 9. The claim transformation system defined in claim 6, wherein:
    - the first claim transformation submodule transforms the claim in its original format to produce a first resultant claim;
      
      the second claim transformation submodule transforms the claim in its original format to produce a second resultant claim; and
      
      an aggregation module aggregates the resultant claims to produce a final claim.

10. A method for transforming a claim at an extensibility point in a trust relationship environment, the method comprising:
- maintaining in a trust relationship environment an extensibility point, wherein a single claim transformation submodule or multiple claim transformation submodules may be plugged in;
  
  determining the first format of the claim;
  
  determining the second format of the claim;
  
  creating a claim transformation submodule customized to change the claim format from the first format to the second format; and
  
  plugging the claim transformation submodule into the extensibility point.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method as defined in claim 10, wherein the method further comprises configuring the submodules into a pipeline as part of the extensibility point.
  - 12. The method as defined in claim 11, wherein the method further comprises plugging in an additional submodule.
  - 13. The method as defined in claim 10, wherein the method further comprises determining the proper claim transformation submodule to which to send the claim.
  - 14. The method as defined in claim 10, wherein the method further comprises processing the claim until steady state is achieved.
  - 15. The method as defined in claim 10, wherein a claim set is involved and wherein the transforming applies to all claims within the claim set.
  - 16. The method as defined in claim 10, further comprising:
    - sending the claim in its original format to a claim transformation submodule to transform the claim into a resultant claim;
      
      separating the resultant claim from a claim transformation submodule from the resultant claims from other claim transformation submodules;
      
      gathering the resultant claims;
      
      aggregating the resultant claims to produce a final claim.

17. An extensible system for sharing and transforming claim information in a trust relationship, the system comprising:
- a resource provider requesting information to authenticate an account;
  
  an identity provider providing authentication information to the resource provider;
  
  an account store maintaining authentication information to populate a claim to send to the requesting resource provider; and
  
  an extensibility point, wherein one or more claim transformation submodules may be plugged in as part of such point to transform the claim from a first format provided by the identity provider to a second format recognized by the resource provider.
- View Dependent Claims (18, 19, 20)
- - 18. The extensible system as defined in claim 17, wherein the claim transformation submodules are arranged in a pipelined fashion.
  - 19. The extensible system as defined in claim 17, wherein the claim is sent only to the claim transformation submodules deemed proper for processing the claim.
  - 20. The extensible system as defined in claim 17, wherein an additional extensibility point exists to transform the format of a claim received from an identity provider to a format recognized by a resource application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kalki, Jagadeesh, Nori, Vijayavani, Tevosyan, Kahren, Del Conte, Derek, Johnson, Ryan, Schmidt, Donald, Spelman, Jeffrey, Hartop, Danver

Application Number

US11/416,275
Publication Number

US 20070255958A1
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/335 for accessing specific reso...

H04L 63/08 for authentication of entit...

Claim transformations for trust relationships

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Claim transformations for trust relationships

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links